Explain why web applications have become such a target for hackers. In addition, choose one of the Top 10 vulnerabilities we covered in class and describe why you think it is important to securing web applications.

Web applications have become such a target for hackers because firewalls work pretty well nowadays, but web applications have to let users into their network/system in order to see and use the website, which is what a web application is for. Hackers can take advantage of the hole that web applications open, and hack from the web server to the database server through that hole to get the customer data. One example would be SQL injection, which can trick the system as long as the result has one row. Hackers use “or” in the last field of the SQL statement, and they probably get in as administrator because the first row of the user database is usually the administrator. Therefore, it is important to have a function in the web code that only allows certain types of text to get in from the textbox.
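
The login check described in the answer above, as an added example that is not part of the original post: a query built by string concatenation beside the same query with bound parameters, plus an allow-list check on textbox input. The table layout, sample rows, crafted value and all function names are assumptions made for illustration, and parameter binding is a different defense from the input filtering the answer mentions.

```python
import re
import sqlite3

def make_db():
    """In-memory user table; rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    db.executemany(
        "INSERT INTO users (name, pw) VALUES (?, ?)",
        [("admin", "S3cret!"), ("alice", "hunter2")],  # administrator is row 1
    )
    return db

def login_vulnerable(db, name, pw):
    """String concatenation: whatever the user types becomes part of the SQL."""
    sql = "SELECT name FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    row = db.execute(sql).fetchone()  # treated as logged in if any row returns
    return row[0] if row else None

def login_parameterized(db, name, pw):
    """Bound parameters: input is always data and cannot alter the statement."""
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND pw = ?", (name, pw)
    ).fetchone()
    return row[0] if row else None

def is_allowed_text(text):
    """Allow-list for fields such as a user name: letters, digits, '_', '.', '-'."""
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", text) is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value typed into the last field
    # WHERE name='nobody' AND pw='x' OR '1'='1' is true for every row,
    # so the first row of the table is returned.
    print("concatenated :", login_vulnerable(db, "nobody", crafted))
    print("parameterized:", login_parameterized(db, "nobody", crafted))
    print("allow-list   :", is_allowed_text(crafted))
```
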

When I searched online, I found there are three main reasons why web applications have become such a target for hackers. Firstly, web applications are easier to reach. According to TechTalks, in many cases, once websites are breached, they serve as a beachhead for other major attacks and allow attackers to move laterally across the network with insider access. Secondly, there are too many novice programmers writing web application code. The third reason is the failure to update third-party packages. I think these three points could explain the reason. Malicious file injection allows attackers to perform remote code execution, etc., by compromising input files or streams; it is commonly caused by improperly trusting input files. It is important to protect the web application from attackers.

The reason why web applications have become such a target for hackers is that web applications are easier to reach, with low cost and potentially high returns. A vulnerability that breaches security can easily cause harm. For example, cross-site scripting (XSS) is a common computer security vulnerability typically found in web applications. Attackers send malicious code in the form of a browser-side script to a different end user by injecting it into a trustworthy website. When web applications do not follow best practices in protection, the impact of XSS would be the disclosure of sensitive data (business information, PII, intellectual information and even national security information) that might cause fraud, defamation, identity theft or destruction of targets.

The biggest reason web applications become the target of attacks is that they are easy to hack. They are easier to reach because of the existence of many loopholes. Experienced programmers are not likely to program the web applications, and most of the coding is done by relatively new programmers. There are many vulnerabilities. CSRF sounds like cross-site scripting (XSS), but it’s very different: XSS exploits trusted users within a site, while CSRF exploits trusted sites by disguising requests from trusted users. CSRF attacks are considered more dangerous than XSS attacks because they tend to be less prevalent (and therefore have relatively few resources to guard against them) and less defensible than XSS attacks. Since these types of vulnerabilities exist, hackers have more chances to hack web applications with limited resources, and we need to secure them.